Transcript

1.
OAuth & LinkedIn

2.
Why Should We Integrate
LinkedIn?
• Users can bring their LinkedIn profile and
network in your site
• Access to a network of over 80 million users
• Authentication to your site using LinkedIn APIs
• Search for profiles, connections
• Update LinkedIn status from your site
And many more….

3.
LinkedIn Platform Guidelines
• No LinkedIn data can be stored
– Exceptions: Storing the Member ID for subsequent API calls & User’s profile data
when given explicit user permission by the owner of the profile
• Don't share your API keys and secrets with anyone
• Data gathered from one user's LinkedIn account/network may not be
exposed to another user
• You must show the agreement screen in its own window
– URL is visible
– Same browser window/tab or pop-up but NOT an Iframe into the current page
• You cannot provide API access to your customers
• http://developer.linkedin.com/docs/DOC-1091

4.
LinkedIn OAuth's Authentication
Model
• You get an API key from LinkedIn. (Consumer Key in OAuth terminology)
• You build a feature into your site that leverages the user's LinkedIn network
• Your user clicks on your UI to request to use that feature.
• You make a call to LinkedIn to ask to use our authentication. This is called getting a Request Token.
• LinkedIn replies with an OAuth Token indicating that you can use the authentication system.
• You send your user to a LinkedIn URL. That URL includes the OAuth Token you got and a few other parameters
such as a URL for LinkedIn to return the user to after granting access.
• The user grants access to your application by signing into that page.
• Upon successful signon, LinkedIn will return the user to your site.
• You will then make a call to LinkedIn to get an Access Token.
• LinkedIn replies with an Access Token for the user. You use that Access Token for any API calls to LinkedIn to
identify the user on whose behalf you are making the call.

9.
Throttle Limits
• Designed to ensure maximum performance for all developers and to protect the user experience
of all users on LinkedIn.
• Three types of throttles applied to all API keys:
– Application throttles: Limit the number of each API call your application can make using its API key.
– User throttles: Limit the number of calls for any individual user of your application.
– Developer throttles: For people listed as developers on their API keys. Approximately four times higher
than the user throttles for most calls.
• Throttled Responses
– 403 HTTP status code with a response body containing an XML document.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<error>
<status>403</status>
<timestamp>1264619093714</timestamp>
<error-code>0000</error-code>
<message>Throttle limit for calls to this resource is reached.</message>
</error>